Bitcoin Forum

Bitcoin => Electrum => Topic started by: RealBitcoin on July 06, 2016, 11:24:36 PM



Title: Electrum sybil attack?
Post by: RealBitcoin on July 06, 2016, 11:24:36 PM
What prevents a sybil attack from Electrum servers? In the sense that a malicious attacker might show you a fake balance, how does Electrum defend against a conspiracy between malicious Electrum servers to show you a wrong balance?

I read somewhere that the Electrum client connects to more servers, or at least fetches the data from multiple ones, or cross-verifies it, I'm not sure. Is that true?

How are the SPV blocks verified? Some basic explanation please (I read the docs, they're not very informative).


Title: Re: Electrum sybil attack?
Post by: racezefi on July 11, 2016, 03:18:08 AM
Worst-case scenario, they could lie to your client and make it believe it has a bigger or a smaller amount of coins.
They could also deny transaction propagation.
But never spend funds.


Title: Re: Electrum sybil attack?
Post by: RealBitcoin on July 11, 2016, 10:22:26 PM
Sorry, but that doesn't answer the question. I'm curious how Electrum verifies the blocks from each server.

I remember I read somewhere that it cross verifies it from multiple servers to make sure the blockchain is genuine.


Title: Re: Electrum sybil attack?
Post by: DuddlyDoRight on July 13, 2016, 04:23:01 PM
Go look at the GIT repo and see for yourself, or get one of the experts telling you all this to do it.

You sign the transactions you send.. Nobody is going to forge transactions unless they do something like get code execution on your client and load malware that grabs your wallet data after logging your pass phrase. If they can find vulnerabilities in memory they probably don't need a server they could just make malicious broadcasts and save all the hassle and costs.


Title: Re: Electrum sybil attack?
Post by: RealBitcoin on July 13, 2016, 08:22:37 PM
> Go look at the GIT repo and see for yourself, or get one of the experts telling you all this to do it.
>
> You sign the transactions you send.. Nobody is going to forge transactions unless they do something like get code execution on your client and load malware that grabs your wallet data after logging your pass phrase. If they can find vulnerabilities in memory they probably don't need a server they could just make malicious broadcasts and save all the hassle and costs.

No, I'm not talking about the software being compromised, I'm talking about the block headers being. Because you download them from a server, and if 1 server is malicious, they can send you fake blocks with fake TX.

That is why I'm asking how Electrum prevents that?
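
Added example, not part of any post in this thread and not Electrum's code: the checks any SPV client can run locally on headers received from a single untrusted server, namely that each 80-byte header links to the previous hash and that its double SHA-256 meets the target encoded in nBits. The checkpoint, the headers and the `EASY_BITS` difficulty are constructed sample data, and the function names are illustrative.

```python
import hashlib
import struct

HEADER = struct.Struct("<I32s32sIII")  # version, prev hash, merkle root, time, nBits, nonce
EASY_BITS = 0x1F00FFFF  # constructed low difficulty so the sample mines in about a second

def dsha(data: bytes) -> bytes:
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def bits_to_target(bits: int) -> int:
    """Expand the compact nBits field into the 256-bit proof-of-work target."""
    return (bits & 0x007FFFFF) << (8 * ((bits >> 24) - 3))

def verify_chain(headers, trusted_prev: bytes, expected_bits: int) -> bool:
    """Accept headers from an untrusted server only if they link and carry work."""
    # Simplification: fixed expected_bits; real clients derive it per height (retarget rules).
    prev = trusted_prev
    for raw in headers:
        if len(raw) != HEADER.size:
            return False
        _, prev_field, _, _, bits, _ = HEADER.unpack(raw)
        if prev_field != prev or bits != expected_bits:
            return False  # does not extend our chain, or claims an easier target
        digest = dsha(raw)
        if int.from_bytes(digest, "little") > bits_to_target(bits):
            return False  # hash does not meet the target: no proof of work
        prev = digest
    return True

def build_sample(n: int = 3):
    """Constructed data: mine n headers on top of a made-up checkpoint hash."""
    checkpoint = dsha(b"constructed checkpoint")
    headers, prev = [], checkpoint
    for i in range(n):
        root, nonce = dsha(b"constructed txs %d" % i), 0
        while True:
            raw = HEADER.pack(2, prev, root, 1468000000 + i, EASY_BITS, nonce)
            if int.from_bytes(dsha(raw), "little") <= bits_to_target(EASY_BITS):
                break
            nonce += 1
        headers.append(raw)
        prev = dsha(raw)
    return checkpoint, headers

if __name__ == "__main__":
    checkpoint, headers = build_sample()
    # Swap the merkle root (bytes 36..68) of the middle header without redoing the work.
    forged = headers[:1] + [headers[1][:36] + dsha(b"fake tx") + headers[1][68:]] + headers[2:]
    print(verify_chain(headers, checkpoint, EASY_BITS), verify_chain(forged, checkpoint, EASY_BITS))
```

These checks only show that the headers are internally consistent and carry work; they cannot reveal that a server is withholding a longer chain or leaving out transactions.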


Title: Re: Electrum sybil attack?
Post by: DuddlyDoRight on July 19, 2016, 04:13:54 AM
>> Go look at the GIT repo and see for yourself, or get one of the experts telling you all this to do it.
>>
>> You sign the transactions you send.. Nobody is going to forge transactions unless they do something like get code execution on your client and load malware that grabs your wallet data after logging your pass phrase. If they can find vulnerabilities in memory they probably don't need a server they could just make malicious broadcasts and save all the hassle and costs.
>
> No, I'm not talking about the software being compromised, I'm talking about the block headers being. Because you download them from a server, and if 1 server is malicious, they can send you fake blocks with fake TX.
>
> That is why I'm asking how Electrum prevents that?

By white listing scripts as is becoming the trend. Scripts are a huge attack surface as you pointed out. I found this out my first week writing a network fuzzer.


Title: Re: Electrum sybil attack?
Post by: RealBitcoin on July 21, 2016, 07:22:53 PM

> By white listing scripts as is becoming the trend. Scripts are a huge attack surface as you pointed out. I found this out my first week writing a network fuzzer.

No, you misunderstand, I'm curious how the Electrum client talks to Electrum servers.

I have read somewhere in the past, not sure, that the client fetches the blocks or block headers and cross verifies them across multiple servers to prevent sybil attacks.

I would like a confirmation if that is true or not.


Title: Re: Electrum sybil attack?
Post by: RealBitcoin on August 26, 2016, 11:29:13 PM
bump, this question is still unanswered.


Title: Re: Electrum sybil attack?
Post by: DuddlyDoRight on August 31, 2016, 09:15:25 AM
> bump, this question is still unanswered.

The chances someone who's actually looked at the code are here is very slim. I've never looked at their network code I just know they transfer headers and white-list scripts because that's all you need to know for what I was doing.

If there is a way to do such an attack it's just a potential ddos. There aren't many networking or coding experts outside of the full reference client dev community so you'd see long waits for patches too..


Title: Re: Electrum sybil attack?
Post by: RealBitcoin on September 01, 2016, 04:21:17 PM
>> bump, this question is still unanswered.
>
> The chances someone who's actually looked at the code are here is very slim. I've never looked at their network code I just know they transfer headers and white-list scripts because that's all you need to know for what I was doing.
>
> If there is a way to do such an attack it's just a potential ddos. There aren't many networking or coding experts outside of the full reference client dev community so you'd see long waits for patches too..

That's pretty sad, perhaps Electrum should hire more developers. I see that the new version has already been updated in the changelog file, but not yet released.

And the commits are coming slowly as well on GitHub, it would be nice if more devs would work on it.


Title: Re: Electrum sybil attack?
Post by: DuddlyDoRight on September 16, 2016, 10:15:55 AM
>>> bump, this question is still unanswered.
>>
>> The chances someone who's actually looked at the code are here is very slim. I've never looked at their network code I just know they transfer headers and white-list scripts because that's all you need to know for what I was doing.
>>
>> If there is a way to do such an attack it's just a potential ddos. There aren't many networking or coding experts outside of the full reference client dev community so you'd see long waits for patches too..
>
> That's pretty sad, perhaps Electrum should hire more developers. I see that the new version has already been updated in the changelog file, but not yet released.
>
> And the commits are coming slowly as well on GitHub, it would be nice if more devs would work on it.

Yeah 2.7.0 or whatever it is has been in the works for months. The patches look like mostly string constant and UX changes. I use it with my cold storage on Tails so it doesn't really matter. I'm still waiting for them to use Android hardware keystore to multisig. I do portable on Windows for view only.

Regarding ddos: Most criminals with capabilities are too busy dumping databases from all the bad development practices on "credible" bitcoin sites. I wouldn't worry about them shutting down the market or crashing values yet. Maybe when it takes more than a public SQLi fuzzer to jackpot exchanges they'll get mad and ddos..